LinuxWebLog.com

Why I Ditched Linux for Samsung DeX  How-To Geek

Linux 6.13 EDAC Preps For Panther Lake H & Missing Support For Old Kabylake S CPUs  Phoronix

Rhino Linux: The Unique Distro That Combines Ubuntu and Rolling Releases Needs Your Support!  It's FOSS News

Google.org announced the 80 organizations that will receive funding and support from the AI Opportunity Fund: Europe to help 20,000 people learn AI skills.Google.org announced the 80 organizations that will receive funding and support from the AI Opportunity Fund: Europe to help 20,000 people learn AI skills.

An anonymous reader quotes a report from The Verge: After asking both SpaceX and Blue Origin to develop cargo landers for its Artemis missions, NASA has announced plans to use those landers to deliver heavy equipment to the Moon. The agency wants Elon Musk's SpaceX to use its Starship cargo lander to deliver a pressurized rover to the Moon "no earlier" than 2032, while Jeff Bezos' Blue Origin will be tasked with delivering a lunar surface habitat no sooner than 2033. Both launches will support NASA's Artemis missions, which aim to bring humans back to the Moon for the first time in over 50 years. Both companies are developing human landing systems for Artemis missions -- SpaceX for Artemis III and Blue Origin for Artemis V. NASA later asked both companies to develop cargo-hauling variants of those landers, capable of carrying 26,000 to 33,000 pounds of equipment and other materials to the Moon. NASA says it will issue proposals to SpaceX and Blue Origin at the beginning of next year.

Read more of this story at Slashdot.

Privilege Escalation Risks in ‘needrestart’ Utility Threaten Linux Systems; OSS-Fuzz Finds 26 Hidden Flaws  SOCRadar

Privilege Escalation Risks in ‘needrestart’ Utility Threaten Linux Systems; OSS-Fuzz Finds 26 Hidden Flaws  SOCRadar

Privilege Escalation Risks in ‘needrestart’ Utility Threaten Linux Systems; OSS-Fuzz Finds 26 Hidden Flaws  SOCRadar

Unveiling WolfsBane: Gelsemium’s Linux counterpart to Gelsevirine  We Live Security

Researchers unearth two previously unknown Linux backdoors  Help Net Security

Space.com's Julian Dossett writes: For twelve years, we've watched Curiosity crawl its way over the rocky surface of Mars, decoding mysteries of the Red Planet and broadcasting back home pictures and data from the strange Martian environment. The Mars rover, built by NASA's Jet Propulsion Laboratory (JPL), has slowly scaled Mount Sharp since 2014. This mountain, officially monikered "Aeolis Mons," was discovered in the 1970s; cut into its alien landscape is the boulder-packed Gediz Vallis channel, which some scientists believe to be an ancient river bed. Curiosity crossed into Gediz Vallis earlier this year -- and, yesterday, JPL released a real treat for Mars lovers: a 360-degree panorama view of the Gediz Vallis channel. You can play the YouTube video and move your phone around for the nifty interactive feature. Or, if you're using a desktop PC, you can shift the video around with a mouse. The panorama showcases features like Kukenan Butte and Gale Crater Rim, with scientists debating whether water, wind, or landslides shaped the boulder-laden terrain. Another interesting observation is the presence of mysterious sulfur stones with yellow crystals. Scientists are unsure about their origin since such formations on Earth are linked to hot springs and volcanoes -- neither of which are known to exist on Mars. Curiosity is now heading toward a location called "the boxwork," a mineral-rich area potentially formed by ancient water flows.

Read more of this story at Slashdot.

It’s late in the year, and you may have realized that you will owe more income tax than you thought. In order to avoid penalties, you’ll need to send some extra money to the IRS or your state tax collector. Here is the *general* rule to avoid a penalty for underpayment of estimated tax, according to the IRS:

Generally, most taxpayers will avoid this penalty if they owe less than $1,000 in tax after subtracting their withholdings and credits, or if they paid at least 90% of the tax for the current year, or 100% of the tax shown on the return for the prior year, whichever is smaller.

But again, that’s generally. Even if you send it by the end of the year, you may still be on the hook for some penalties because the IRS wants you to pay your taxes evenly throughout the year. For example, technically you’ll need to pay 25% of the tax shown on the return for the prior year for each of the four quarters, adding up to 100% over the entire year. They don’t allow you to pay everything on December 31st.

There are two ways to pay your taxes during the year:

• Withholding from your pay, your pension or certain government payments, such as Social Security.
• Making quarterly estimated tax payments during the year.

However, there is a small but potentially important different between the two options. No matter when your withholding is taken out from your paycheck during the year, it is viewed as being paid in evenly. In contrast, any 1040-ES estimated payments are assigned to a specific quarter.

So if you think you’ve underpaid your taxes by enough that penalties may apply, you should consider changing your paycheck withholding to increase your tax payments instead of making a direct payment to the IRS. Many payroll providers will let you adjust things online and you can specifically set the amount of extra withholding for them to take out. Or you may have to submit a W-4 directly to your HR department. This will be step 4(c) on the official W-4 form. Note that this will be the flat amount taken out of each paycheck until you change it back. See top image for reference (source).

DOJ’s approach would harm American consumers, developers, and small businesses and jeopardize America’s global economic and technological leadership.DOJ’s approach would harm American consumers, developers, and small businesses and jeopardize America’s global economic and technological leadership.

In a 23-page document (PDF) filed late Wednesday, U.S. regulators asked a federal judge to break up Google after a court found the tech giant of maintaining an abusive monopoly through its dominant search engine. As punishment, the DOJ calls for a sale of Google's Chrome browser and restrictions to prevent Android from favoring its own search engine. The Associated Press reports: Although regulators stopped short of demanding Google sell Android too, they asserted the judge should make it clear the company could still be required to divest its smartphone operating system if its oversight committee continues to see evidence of misconduct. [...] The Washington, D.C. court hearings on Google's punishment are scheduled to begin in April and Mehta is aiming to issue his final decision before Labor Day. If [U.S. District Judge Amit Mehta] embraces the government's recommendations, Google would be forced to sell its 16-year-old Chrome browser within six months of the final ruling. But the company certainly would appeal any punishment, potentially prolonging a legal tussle that has dragged on for more than four years. Besides seeking a Chrome spinoff and a corralling of the Android software, the Justice Department wants the judge to ban Google from forging multibillion-dollar deals to lock in its dominant search engine as the default option on Apple's iPhone and other devices. It would also ban Google from favoring its own services, such as YouTube or its recently-launched artificial intelligence platform, Gemini. Regulators also want Google to license the search index data it collects from people's queries to its rivals, giving them a better chance at competing with the tech giant. On the commercial side of its search engine, Google would be required to provide more transparency into how it sets the prices that advertisers pay to be listed near the top of some targeted search results. The measures, if they are ordered, threaten to upend a business expected to generate more than $300 billion in revenue this year. "The playing field is not level because of Google's conduct, and Google's quality reflects the ill-gotten gains of an advantage illegally acquired," the Justice Department asserted in its recommendations. "The remedy must close this gap and deprive Google of these advantages."

Read more of this story at Slashdot.

Ubuntu 25.04 Daily Builds Are Now Available  OMG! Ubuntu!

An anonymous reader quotes a report from 404 Media: Instagram is flooded with hundreds of AI-generated influencers who are stealing videos from real models and adult content creators, giving them AI-generated faces, and monetizing their bodies with links to dating sites, Patreon, OnlyFans competitors, and various AI apps. The practice, first reported by 404 Media in April, has since exploded in popularity, showing that Instagram is unable or unwilling to stop the flood of AI-generated content on its platform and protect the human creators on Instagram who say they are now competing with AI content in a way that is impacting their ability to make a living. According to our review of more than 1,000 AI-generated Instagram accounts, Discord channels where the people who make this content share tips and discuss strategy, and several guides that explain how to make money by "AI pimping," it is now trivially easy to make these accounts and monetize them using an assortment of off-the-shelf AI tools and apps. Some of these apps are hosted on the Apple App and Google Play Stores. Our investigation shows that what was once a niche problem on the platform has industrialized in scale, and it shows what social media may become in the near future: a space where AI-generated content eclipses that of humans. [...] Out of more than 1,000 AI-generated Instagram influencer accounts we reviewed, 100 included at least some deepfake content which took existing videos, usually from models and adult entertainment performers, and replaced their face with an AI-generated face to make those videos seem like new, original content consistent with the other AI-generated images and videos shared by the AI-generated influencer. The other 900 accounts shared images that in some cases were trained on real photographs and in some cases made to look like celebrities, but were entirely AI-generated, not edited photographs or videos. Out of those 100 accounts that shared deepfake or face-swapped videos, 60 self-identify as being AI-generated, writing in their bios that they are a "virtual model & influencer" or stating "all photos crafted with AI and apps." The other 40 do not include any disclaimer stating that they are AI-generated. Adult content creators like Elaina St James say they're now directly competing with these AI rip-off accounts that often use stolen content. Since the explosion of AI-generated influencer accounts on Instagram, St James said her "reach went down tremendously," from a typical 1 million to 5 million views a month to not surpassing a million in the last 10 months, and sometimes coming in under 500,000 views. While she said changes to Instagram's algorithm could also be at play, these AI-generated influencer accounts are "probably one of the reasons my views are going down," St James told 404 Media. "It's because I'm competing with something that's unnatural." Alexios Mantzarlis, the director of the security, trust, and safety initiative at Cornell Tech and formerly principal of trust and safety intelligence at Google, started researching the problem to see where AI-generated content is taking social media and the internet. "It felt like a possible sign of what social media is going to look like in five years," said Mantzarlis. "Because this may be coming to other parts of the internet, not just the attractive-people niche on Instagram. This is probably a sign that it's going to be pretty bad."

Read more of this story at Slashdot.

Linux 6.13 Adds Support For Ultra Capacity SD Cards "SDUC" For 2TB To 128TB Storage  Phoronix

Five local privilege escalation (LPE) vulnerabilities in the Linux utility "needrestart" -- widely used on Ubuntu to manage service updates -- allow attackers with local access to escalate privileges to root. The flaws were discovered by Qualys in needrestart version 0.8, and fixed in version 3.8. BleepingComputer reports: Complete information about the flaws was made available in a separate text file, but a summary can be found below: - CVE-2024-48990: Needrestart executes the Python interpreter with a PYTHONPATH environment variable extracted from running processes. If a local attacker controls this variable, they can execute arbitrary code as root during Python initialization by planting a malicious shared library. - CVE-2024-48992: The Ruby interpreter used by needrestart is vulnerable when processing an attacker-controlled RUBYLIB environment variable. This allows local attackers to execute arbitrary Ruby code as root by injecting malicious libraries into the process. - CVE-2024-48991: A race condition in needrestart allows a local attacker to replace the Python interpreter binary being validated with a malicious executable. By timing the replacement carefully, they can trick needrestart into running their code as root. - CVE-2024-10224: Perl's ScanDeps module, used by needrestart, improperly handles filenames provided by the attacker. An attacker can craft filenames resembling shell commands (e.g., command|) to execute arbitrary commands as root when the file is opened. - CVE-2024-11003: Needrestart's reliance on Perl's ScanDeps module exposes it to vulnerabilities in ScanDeps itself, where insecure use of eval() functions can lead to arbitrary code execution when processing attacker-controlled input. The report notes that attackers would need to have local access to the operation system through malware or a compromised account in order to exploit these flaws. "Apart from upgrading to version 3.8 or later, which includes patches for all the identified vulnerabilities, it is recommended to modify the needrestart.conf file to disable the interpreter scanning feature, which prevents the vulnerabilities from being exploited," adds BleepingComputer.

Read more of this story at Slashdot.

Five local privilege escalation (LPE) vulnerabilities in the Linux utility "needrestart" -- widely used on Ubuntu to manage service updates -- allow attackers with local access to escalate privileges to root. The flaws were discovered by Qualys in needrestart version 0.8, and fixed in version 3.8. BleepingComputer reports: Complete information about the flaws was made available in a separate text file, but a summary can be found below: - CVE-2024-48990: Needrestart executes the Python interpreter with a PYTHONPATH environment variable extracted from running processes. If a local attacker controls this variable, they can execute arbitrary code as root during Python initialization by planting a malicious shared library. - CVE-2024-48992: The Ruby interpreter used by needrestart is vulnerable when processing an attacker-controlled RUBYLIB environment variable. This allows local attackers to execute arbitrary Ruby code as root by injecting malicious libraries into the process. - CVE-2024-48991: A race condition in needrestart allows a local attacker to replace the Python interpreter binary being validated with a malicious executable. By timing the replacement carefully, they can trick needrestart into running their code as root. - CVE-2024-10224: Perl's ScanDeps module, used by needrestart, improperly handles filenames provided by the attacker. An attacker can craft filenames resembling shell commands (e.g., command|) to execute arbitrary commands as root when the file is opened. - CVE-2024-11003: Needrestart's reliance on Perl's ScanDeps module exposes it to vulnerabilities in ScanDeps itself, where insecure use of eval() functions can lead to arbitrary code execution when processing attacker-controlled input. The report notes that attackers would need to have local access to the operation system through malware or a compromised account in order to exploit these flaws. "Apart from upgrading to version 3.8 or later, which includes patches for all the identified vulnerabilities, it is recommended to modify the needrestart.conf file to disable the interpreter scanning feature, which prevents the vulnerabilities from being exploited," adds BleepingComputer.

Read more of this story at Slashdot.

Amazon WorkSpaces introduces support for Rocky Linux  AWS Blog